Author: markj
Date: Mon Nov 26 14:01:05 2018
New Revision: 340970
URL: https://svnweb.freebsd.org/changeset/base/340970

Log:
  MFC r340787 (by rmacklem), r340856, r340859:
  Ensure that directory entry padding bytes are zeroed.

Modified:
  stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c
  stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
  stable/12/sys/fs/autofs/autofs_vnops.c
  stable/12/sys/fs/cd9660/cd9660_vnops.c
  stable/12/sys/fs/devfs/devfs_devs.c
  stable/12/sys/fs/ext2fs/ext2_lookup.c
  stable/12/sys/fs/fdescfs/fdesc_vnops.c
  stable/12/sys/fs/fuse/fuse_internal.c
  stable/12/sys/fs/msdosfs/msdosfs_vnops.c
  stable/12/sys/fs/nandfs/nandfs_vnops.c
  stable/12/sys/fs/nfsclient/nfs_clrpcops.c
  stable/12/sys/fs/pseudofs/pseudofs_vnops.c
  stable/12/sys/fs/smbfs/smbfs_io.c
  stable/12/sys/fs/tmpfs/tmpfs_subr.c
  stable/12/sys/fs/tmpfs/tmpfs_vfsops.c
  stable/12/sys/fs/tmpfs/tmpfs_vnops.c
  stable/12/sys/fs/udf/udf_vnops.c
  stable/12/sys/kern/uipc_mqueue.c
  stable/12/sys/kern/vfs_export.c
  stable/12/sys/sys/dirent.h
  stable/12/sys/ufs/ufs/ufs_vnops.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c
==============================================================================
--- stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c       
Mon Nov 26 13:56:19 2018        (r340969)
+++ stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c       
Mon Nov 26 14:01:05 2018        (r340970)
@@ -262,9 +262,9 @@ sfs_readdir_common(uint64_t parent_id, uint64_t id, st
                entry.d_fileno = id;
                entry.d_type = DT_DIR;
                entry.d_name[0] = '.';
-               entry.d_name[1] = '\0';
                entry.d_namlen = 1;
                entry.d_reclen = sizeof(entry);
+               dirent_terminate(&entry);
                error = vfs_read_dirent(ap, &entry, uio->uio_offset);
                if (error != 0)
                        return (SET_ERROR(error));
@@ -277,9 +277,9 @@ sfs_readdir_common(uint64_t parent_id, uint64_t id, st
                entry.d_type = DT_DIR;
                entry.d_name[0] = '.';
                entry.d_name[1] = '.';
-               entry.d_name[2] = '\0';
                entry.d_namlen = 2;
                entry.d_reclen = sizeof(entry);
+               dirent_terminate(&entry);
                error = vfs_read_dirent(ap, &entry, uio->uio_offset);
                if (error != 0)
                        return (SET_ERROR(error));
@@ -694,6 +694,7 @@ zfsctl_root_readdir(ap)
        strcpy(entry.d_name, node->snapdir->sn_name);
        entry.d_namlen = strlen(entry.d_name);
        entry.d_reclen = sizeof(entry);
+       dirent_terminate(&entry);
        error = vfs_read_dirent(ap, &entry, uio->uio_offset);
        if (error != 0) {
                if (error == ENAMETOOLONG)
@@ -1099,6 +1100,7 @@ zfsctl_snapdir_readdir(ap)
                entry.d_reclen = sizeof(entry);
                /* NOTE: d_off is the offset for the *next* entry. */
                entry.d_off = cookie + dots_offset;
+               dirent_terminate(&entry);
                error = vfs_read_dirent(ap, &entry, uio->uio_offset);
                if (error != 0) {
                        if (error == ENAMETOOLONG)

Modified: stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
==============================================================================
--- stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c        
Mon Nov 26 13:56:19 2018        (r340969)
+++ stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c        
Mon Nov 26 14:01:05 2018        (r340970)
@@ -2547,6 +2547,7 @@ zfs_readdir(vnode_t *vp, uio_t *uio, cred_t *cr, int *
                        next = &odp->d_off;
                        (void) strlcpy(odp->d_name, zap.za_name, odp->d_namlen 
+ 1);
                        odp->d_type = type;
+                       dirent_terminate(odp);
                        odp = (dirent64_t *)((intptr_t)odp + reclen);
                }
                outcount += reclen;

Modified: stable/12/sys/fs/autofs/autofs_vnops.c
==============================================================================
--- stable/12/sys/fs/autofs/autofs_vnops.c      Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/autofs/autofs_vnops.c      Mon Nov 26 14:01:05 2018        
(r340970)
@@ -34,6 +34,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/condvar.h>
 #include <sys/dirent.h>
@@ -44,7 +45,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/namei.h>
 #include <sys/signalvar.h>
 #include <sys/stat.h>
-#include <sys/systm.h>
 #include <sys/taskqueue.h>
 #include <sys/tree.h>
 #include <sys/vnode.h>
@@ -354,14 +354,11 @@ autofs_readdir_one(struct uio *uio, const char *name, 
     size_t *reclenp)
 {
        struct dirent dirent;
-       size_t namlen, padded_namlen, reclen;
+       size_t namlen, reclen;
        int error;
 
        namlen = strlen(name);
-       padded_namlen = roundup2(namlen + 1, __alignof(struct dirent));
-       KASSERT(padded_namlen <= MAXNAMLEN, ("%zd > MAXNAMLEN", padded_namlen));
-       reclen = offsetof(struct dirent, d_name) + padded_namlen;
-
+       reclen = _GENERIC_DIRLEN(namlen);
        if (reclenp != NULL)
                *reclenp = reclen;
 
@@ -376,7 +373,7 @@ autofs_readdir_one(struct uio *uio, const char *name, 
        dirent.d_type = DT_DIR;
        dirent.d_namlen = namlen;
        memcpy(dirent.d_name, name, namlen);
-       memset(dirent.d_name + namlen, 0, padded_namlen - namlen);
+       dirent_terminate(&dirent);
        error = uiomove(&dirent, reclen, uio);
 
        return (error);

Modified: stable/12/sys/fs/cd9660/cd9660_vnops.c
==============================================================================
--- stable/12/sys/fs/cd9660/cd9660_vnops.c      Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/cd9660/cd9660_vnops.c      Mon Nov 26 14:01:05 2018        
(r340970)
@@ -380,8 +380,8 @@ iso_uiodir(idp,dp,off)
 {
        int error;
 
-       dp->d_name[dp->d_namlen] = 0;
        dp->d_reclen = GENERIC_DIRSIZ(dp);
+       dirent_terminate(dp);
 
        if (idp->uio->uio_resid < dp->d_reclen) {
                idp->eofflag = 0;

Modified: stable/12/sys/fs/devfs/devfs_devs.c
==============================================================================
--- stable/12/sys/fs/devfs/devfs_devs.c Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/devfs/devfs_devs.c Mon Nov 26 14:01:05 2018        
(r340970)
@@ -226,7 +226,7 @@ devfs_newdirent(char *name, int namelen)
        de->de_dirent->d_namlen = namelen;
        de->de_dirent->d_reclen = GENERIC_DIRSIZ(&d);
        bcopy(name, de->de_dirent->d_name, namelen);
-       de->de_dirent->d_name[namelen] = '\0';
+       dirent_terminate(de->de_dirent);
        vfs_timestamp(&de->de_ctime);
        de->de_mtime = de->de_atime = de->de_ctime;
        de->de_links = 1;

Modified: stable/12/sys/fs/ext2fs/ext2_lookup.c
==============================================================================
--- stable/12/sys/fs/ext2fs/ext2_lookup.c       Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/ext2fs/ext2_lookup.c       Mon Nov 26 14:01:05 2018        
(r340970)
@@ -223,9 +223,9 @@ ext2_readdir(struct vop_readdir_args *ap)
                        dstdp.d_fileno = dp->e2d_ino;
                        dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp);
                        bcopy(dp->e2d_name, dstdp.d_name, dstdp.d_namlen);
-                       dstdp.d_name[dstdp.d_namlen] = '\0';
                        /* NOTE: d_off is the offset of the *next* entry. */
                        dstdp.d_off = offset + dp->e2d_reclen;
+                       dirent_terminate(&dstdp);
                        if (dstdp.d_reclen > uio->uio_resid) {
                                if (uio->uio_resid == startresid)
                                        error = EINVAL;

Modified: stable/12/sys/fs/fdescfs/fdesc_vnops.c
==============================================================================
--- stable/12/sys/fs/fdescfs/fdesc_vnops.c      Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/fdescfs/fdesc_vnops.c      Mon Nov 26 14:01:05 2018        
(r340970)
@@ -561,8 +561,8 @@ fdesc_readdir(struct vop_readdir_args *ap)
                        dp->d_namlen = i + 1;
                        dp->d_reclen = UIO_MX;
                        bcopy("..", dp->d_name, dp->d_namlen);
-                       dp->d_name[i + 1] = '\0';
                        dp->d_type = DT_DIR;
+                       dirent_terminate(dp);
                        break;
                default:
                        if (fdp->fd_ofiles[fcnt].fde_file == NULL)
@@ -572,6 +572,7 @@ fdesc_readdir(struct vop_readdir_args *ap)
                        dp->d_type = (fmp->flags & FMNT_LINRDLNKF) == 0 ?
                            DT_CHR : DT_LNK;
                        dp->d_fileno = i + FD_DESC;
+                       dirent_terminate(dp);
                        break;
                }
                /* NOTE: d_off is the offset of the *next* entry. */

Modified: stable/12/sys/fs/fuse/fuse_internal.c
==============================================================================
--- stable/12/sys/fs/fuse/fuse_internal.c       Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/fuse/fuse_internal.c       Mon Nov 26 14:01:05 2018        
(r340970)
@@ -357,7 +357,7 @@ fuse_internal_readdir_processdata(struct uio *uio,
                memcpy((char *)cookediov->base + sizeof(struct dirent) - 
                       MAXNAMLEN - 1,
                       (char *)buf + FUSE_NAME_OFFSET, fudge->namelen);
-               ((char *)cookediov->base)[bytesavail - 1] = '\0';
+               dirent_terminate(de);
 
                err = uiomove(cookediov->base, cookediov->len, uio);
                if (err) {

Modified: stable/12/sys/fs/msdosfs/msdosfs_vnops.c
==============================================================================
--- stable/12/sys/fs/msdosfs/msdosfs_vnops.c    Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/msdosfs/msdosfs_vnops.c    Mon Nov 26 14:01:05 2018        
(r340970)
@@ -1550,16 +1550,18 @@ msdosfs_readdir(struct vop_readdir_args *ap)
                                switch (n) {
                                case 0:
                                        dirbuf.d_namlen = 1;
-                                       strcpy(dirbuf.d_name, ".");
+                                       dirbuf.d_name[0] = '.';
                                        break;
                                case 1:
                                        dirbuf.d_namlen = 2;
-                                       strcpy(dirbuf.d_name, "..");
+                                       dirbuf.d_name[0] = '.';
+                                       dirbuf.d_name[1] = '.';
                                        break;
                                }
                                dirbuf.d_reclen = GENERIC_DIRSIZ(&dirbuf);
                                /* NOTE: d_off is the offset of the *next* 
entry. */
                                dirbuf.d_off = offset + sizeof(struct direntry);
+                               dirent_terminate(&dirbuf);
                                if (uio->uio_resid < dirbuf.d_reclen)
                                        goto out;
                                error = uiomove(&dirbuf, dirbuf.d_reclen, uio);

Modified: stable/12/sys/fs/nandfs/nandfs_vnops.c
==============================================================================
--- stable/12/sys/fs/nandfs/nandfs_vnops.c      Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/nandfs/nandfs_vnops.c      Mon Nov 26 14:01:05 2018        
(r340970)
@@ -1226,7 +1226,7 @@ nandfs_readdir(struct vop_readdir_args *ap)
                        ndirent = (struct nandfs_dir_entry *)pos;
 
                        name_len = ndirent->name_len;
-                       memset(&dirent, 0, sizeof(struct dirent));
+                       memset(&dirent, 0, sizeof(dirent));
                        dirent.d_fileno = ndirent->inode;
                        if (dirent.d_fileno) {
                                dirent.d_type = ndirent->file_type;
@@ -1235,6 +1235,7 @@ nandfs_readdir(struct vop_readdir_args *ap)
                                dirent.d_reclen = GENERIC_DIRSIZ(&dirent);
                                /* NOTE: d_off is the offset of the *next* 
entry. */
                                dirent.d_off = diroffset + ndirent->rec_len;
+                               dirent_terminate(&dirent);
                                DPRINTF(READDIR, ("copying `%*.*s`\n", name_len,
                                    name_len, dirent.d_name));
                        }
@@ -1248,7 +1249,7 @@ nandfs_readdir(struct vop_readdir_args *ap)
 
                        /* Transfer */
                        if (dirent.d_fileno)
-                               uiomove(&dirent, GENERIC_DIRSIZ(&dirent), uio);
+                               uiomove(&dirent, dirent.d_reclen, uio);
 
                        /* Advance */
                        diroffset += ndirent->rec_len;

Modified: stable/12/sys/fs/nfsclient/nfs_clrpcops.c
==============================================================================
--- stable/12/sys/fs/nfsclient/nfs_clrpcops.c   Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/nfsclient/nfs_clrpcops.c   Mon Nov 26 14:01:05 2018        
(r340970)
@@ -2959,6 +2959,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
                            return (error);
                        nd->nd_mrep = NULL;
                        dp = (struct dirent *)uio_iov_base(uiop);
+                       dp->d_pad0 = dp->d_pad1 = 0;
                        dp->d_off = 0;
                        dp->d_type = DT_DIR;
                        dp->d_fileno = dotfileid;
@@ -2978,6 +2979,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
                        uio_iov_base_add(uiop, dp->d_reclen);
                        uio_iov_len_add(uiop, -(dp->d_reclen));
                        dp = (struct dirent *)uio_iov_base(uiop);
+                       dp->d_pad0 = dp->d_pad1 = 0;
                        dp->d_off = 0;
                        dp->d_type = DT_DIR;
                        dp->d_fileno = dotdotfileid;
@@ -3091,6 +3093,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
                                tlen += 8;  /* To ensure null termination. */
                        left = DIRBLKSIZ - blksiz;
                        if (_GENERIC_DIRLEN(len) + NFSX_HYPER > left) {
+                               NFSBZERO(uio_iov_base(uiop), left);
                                dp->d_reclen += left;
                                uio_iov_base_add(uiop, left);
                                uio_iov_len_add(uiop, -(left));
@@ -3103,6 +3106,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
                                bigenough = 0;
                        if (bigenough) {
                                dp = (struct dirent *)uio_iov_base(uiop);
+                               dp->d_pad0 = dp->d_pad1 = 0;
                                dp->d_off = 0;
                                dp->d_namlen = len;
                                dp->d_reclen = _GENERIC_DIRLEN(len) +
@@ -3120,7 +3124,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
                                        goto nfsmout;
                                cp = uio_iov_base(uiop);
                                tlen -= len;
-                               *cp = '\0';     /* null terminate */
+                               NFSBZERO(cp, tlen);
                                cp += tlen;     /* points to cookie storage */
                                tl2 = (u_int32_t *)cp;
                                uio_iov_base_add(uiop, (tlen + NFSX_HYPER));
@@ -3208,6 +3212,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
         */
        if (blksiz > 0) {
                left = DIRBLKSIZ - blksiz;
+               NFSBZERO(uio_iov_base(uiop), left);
                dp->d_reclen += left;
                uio_iov_base_add(uiop, left);
                uio_iov_len_add(uiop, -(left));
@@ -3235,10 +3240,8 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
         */
        while (uio_uio_resid(uiop) > 0 && uio_uio_resid(uiop) != tresid) {
                dp = (struct dirent *)uio_iov_base(uiop);
+               NFSBZERO(dp, DIRBLKSIZ);
                dp->d_type = DT_UNKNOWN;
-               dp->d_fileno = 0;
-               dp->d_namlen = 0;
-               dp->d_name[0] = '\0';
                tl = (u_int32_t *)&dp->d_name[4];
                *tl++ = cookie.lval[0];
                *tl = cookie.lval[1];
@@ -3393,6 +3396,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
                            return (error);
                        nd->nd_mrep = NULL;
                        dp = (struct dirent *)uio_iov_base(uiop);
+                       dp->d_pad0 = dp->d_pad1 = 0;
                        dp->d_off = 0;
                        dp->d_type = DT_DIR;
                        dp->d_fileno = dotfileid;
@@ -3412,6 +3416,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
                        uio_iov_base_add(uiop, dp->d_reclen);
                        uio_iov_len_add(uiop, -(dp->d_reclen));
                        dp = (struct dirent *)uio_iov_base(uiop);
+                       dp->d_pad0 = dp->d_pad1 = 0;
                        dp->d_off = 0;
                        dp->d_type = DT_DIR;
                        dp->d_fileno = dotdotfileid;
@@ -3506,6 +3511,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
                                tlen += 8;  /* To ensure null termination. */
                        left = DIRBLKSIZ - blksiz;
                        if (_GENERIC_DIRLEN(len) + NFSX_HYPER > left) {
+                               NFSBZERO(uio_iov_base(uiop), left);
                                dp->d_reclen += left;
                                uio_iov_base_add(uiop, left);
                                uio_iov_len_add(uiop, -(left));
@@ -3518,6 +3524,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
                                bigenough = 0;
                        if (bigenough) {
                                dp = (struct dirent *)uio_iov_base(uiop);
+                               dp->d_pad0 = dp->d_pad1 = 0;
                                dp->d_off = 0;
                                dp->d_namlen = len;
                                dp->d_reclen = _GENERIC_DIRLEN(len) +
@@ -3538,7 +3545,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
                                        goto nfsmout;
                                cp = uio_iov_base(uiop);
                                tlen -= len;
-                               *cp = '\0';
+                               NFSBZERO(cp, tlen);
                                cp += tlen;     /* points to cookie storage */
                                tl2 = (u_int32_t *)cp;
                                if (len == 2 && cnp->cn_nameptr[0] == '.' &&
@@ -3708,6 +3715,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
         */
        if (blksiz > 0) {
                left = DIRBLKSIZ - blksiz;
+               NFSBZERO(uio_iov_base(uiop), left);
                dp->d_reclen += left;
                uio_iov_base_add(uiop, left);
                uio_iov_len_add(uiop, -(left));
@@ -3735,10 +3743,8 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
         */
        while (uio_uio_resid(uiop) > 0 && uio_uio_resid(uiop) != tresid) {
                dp = (struct dirent *)uio_iov_base(uiop);
+               NFSBZERO(dp, DIRBLKSIZ);
                dp->d_type = DT_UNKNOWN;
-               dp->d_fileno = 0;
-               dp->d_namlen = 0;
-               dp->d_name[0] = '\0';
                tl = (u_int32_t *)&dp->d_name[4];
                *tl++ = cookie.lval[0];
                *tl = cookie.lval[1];

Modified: stable/12/sys/fs/pseudofs/pseudofs_vnops.c
==============================================================================
--- stable/12/sys/fs/pseudofs/pseudofs_vnops.c  Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/pseudofs/pseudofs_vnops.c  Mon Nov 26 14:01:05 2018        
(r340970)
@@ -828,7 +828,6 @@ pfs_readdir(struct vop_readdir_args *va)
                /* PFS_DELEN was picked to fit PFS_NAMLEN */
                for (i = 0; i < PFS_NAMELEN - 1 && pn->pn_name[i] != '\0'; ++i)
                        pfsent->entry.d_name[i] = pn->pn_name[i];
-               pfsent->entry.d_name[i] = 0;
                pfsent->entry.d_namlen = i;
                /* NOTE: d_off is the offset of the *next* entry. */
                pfsent->entry.d_off = offset + PFS_DELEN;
@@ -855,6 +854,7 @@ pfs_readdir(struct vop_readdir_args *va)
                        panic("%s has unexpected node type: %d", pn->pn_name, 
pn->pn_type);
                }
                PFS_TRACE(("%s", pfsent->entry.d_name));
+               dirent_terminate(&pfsent->entry);
                STAILQ_INSERT_TAIL(&lst, pfsent, link);
                offset += PFS_DELEN;
                resid -= PFS_DELEN;

Modified: stable/12/sys/fs/smbfs/smbfs_io.c
==============================================================================
--- stable/12/sys/fs/smbfs/smbfs_io.c   Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/smbfs/smbfs_io.c   Mon Nov 26 14:01:05 2018        
(r340970)
@@ -106,8 +106,8 @@ smbfs_readvdir(struct vnode *vp, struct uio *uio, stru
                de.d_namlen = offset + 1;
                de.d_name[0] = '.';
                de.d_name[1] = '.';
-               de.d_name[offset + 1] = '\0';
                de.d_type = DT_DIR;
+               dirent_terminate(&de);
                error = uiomove(&de, DE_SIZE, uio);
                if (error)
                        goto out;
@@ -156,7 +156,7 @@ smbfs_readvdir(struct vnode *vp, struct uio *uio, stru
                de.d_type = (ctx->f_attr.fa_attr & SMB_FA_DIR) ? DT_DIR : 
DT_REG;
                de.d_namlen = ctx->f_nmlen;
                bcopy(ctx->f_name, de.d_name, de.d_namlen);
-               de.d_name[de.d_namlen] = '\0';
+               dirent_terminate(&de);
                if (smbfs_fastlookup) {
                        error = smbfs_nget(vp->v_mount, vp, ctx->f_name,
                            ctx->f_nmlen, &ctx->f_attr, &newvp);

Modified: stable/12/sys/fs/tmpfs/tmpfs_subr.c
==============================================================================
--- stable/12/sys/fs/tmpfs/tmpfs_subr.c Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/tmpfs/tmpfs_subr.c Mon Nov 26 14:01:05 2018        
(r340970)
@@ -39,6 +39,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/systm.h>
 #include <sys/dirent.h>
 #include <sys/fnv_hash.h>
 #include <sys/lock.h>
@@ -50,7 +51,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/random.h>
 #include <sys/rwlock.h>
 #include <sys/stat.h>
-#include <sys/systm.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
 #include <sys/vmmeter.h>
@@ -1127,8 +1127,8 @@ tmpfs_dir_getdotdent(struct tmpfs_node *node, struct u
        dent.d_type = DT_DIR;
        dent.d_namlen = 1;
        dent.d_name[0] = '.';
-       dent.d_name[1] = '\0';
        dent.d_reclen = GENERIC_DIRSIZ(&dent);
+       dirent_terminate(&dent);
 
        if (dent.d_reclen > uio->uio_resid)
                error = EJUSTRETURN;
@@ -1171,8 +1171,8 @@ tmpfs_dir_getdotdotdent(struct tmpfs_node *node, struc
        dent.d_namlen = 2;
        dent.d_name[0] = '.';
        dent.d_name[1] = '.';
-       dent.d_name[2] = '\0';
        dent.d_reclen = GENERIC_DIRSIZ(&dent);
+       dirent_terminate(&dent);
 
        if (dent.d_reclen > uio->uio_resid)
                error = EJUSTRETURN;
@@ -1292,8 +1292,8 @@ tmpfs_dir_getdents(struct tmpfs_node *node, struct uio
                d.d_namlen = de->td_namelen;
                MPASS(de->td_namelen < sizeof(d.d_name));
                (void)memcpy(d.d_name, de->ud.td_name, de->td_namelen);
-               d.d_name[de->td_namelen] = '\0';
                d.d_reclen = GENERIC_DIRSIZ(&d);
+               dirent_terminate(&d);
 
                /* Stop reading if the directory entry we are treating is
                 * bigger than the amount of data that can be returned. */

Modified: stable/12/sys/fs/tmpfs/tmpfs_vfsops.c
==============================================================================
--- stable/12/sys/fs/tmpfs/tmpfs_vfsops.c       Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/tmpfs/tmpfs_vfsops.c       Mon Nov 26 14:01:05 2018        
(r340970)
@@ -46,6 +46,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/systm.h>
 #include <sys/dirent.h>
 #include <sys/limits.h>
 #include <sys/lock.h>
@@ -56,7 +57,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/kernel.h>
 #include <sys/rwlock.h>
 #include <sys/stat.h>
-#include <sys/systm.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
 

Modified: stable/12/sys/fs/tmpfs/tmpfs_vnops.c
==============================================================================
--- stable/12/sys/fs/tmpfs/tmpfs_vnops.c        Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/tmpfs/tmpfs_vnops.c        Mon Nov 26 14:01:05 2018        
(r340970)
@@ -39,6 +39,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/systm.h>
 #include <sys/dirent.h>
 #include <sys/fcntl.h>
 #include <sys/limits.h>
@@ -51,7 +52,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/rwlock.h>
 #include <sys/sched.h>
 #include <sys/stat.h>
-#include <sys/systm.h>
 #include <sys/sysctl.h>
 #include <sys/unistd.h>
 #include <sys/vnode.h>

Modified: stable/12/sys/fs/udf/udf_vnops.c
==============================================================================
--- stable/12/sys/fs/udf/udf_vnops.c    Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/fs/udf/udf_vnops.c    Mon Nov 26 14:01:05 2018        
(r340970)
@@ -843,10 +843,10 @@ udf_readdir(struct vop_readdir_args *a)
                        dir.d_fileno = node->hash_id;
                        dir.d_type = DT_DIR;
                        dir.d_name[0] = '.';
-                       dir.d_name[1] = '\0';
                        dir.d_namlen = 1;
                        dir.d_reclen = GENERIC_DIRSIZ(&dir);
                        dir.d_off = 1;
+                       dirent_terminate(&dir);
                        uiodir.dirent = &dir;
                        error = udf_uiodir(&uiodir, dir.d_reclen, uio, 1);
                        if (error)
@@ -856,10 +856,10 @@ udf_readdir(struct vop_readdir_args *a)
                        dir.d_type = DT_DIR;
                        dir.d_name[0] = '.';
                        dir.d_name[1] = '.';
-                       dir.d_name[2] = '\0';
                        dir.d_namlen = 2;
                        dir.d_reclen = GENERIC_DIRSIZ(&dir);
                        dir.d_off = 2;
+                       dirent_terminate(&dir);
                        uiodir.dirent = &dir;
                        error = udf_uiodir(&uiodir, dir.d_reclen, uio, 2);
                } else {
@@ -870,6 +870,7 @@ udf_readdir(struct vop_readdir_args *a)
                            DT_DIR : DT_UNKNOWN;
                        dir.d_reclen = GENERIC_DIRSIZ(&dir);
                        dir.d_off = ds->this_off;
+                       dirent_terminate(&dir);
                        uiodir.dirent = &dir;
                        error = udf_uiodir(&uiodir, dir.d_reclen, uio,
                            ds->this_off);

Modified: stable/12/sys/kern/uipc_mqueue.c
==============================================================================
--- stable/12/sys/kern/uipc_mqueue.c    Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/kern/uipc_mqueue.c    Mon Nov 26 14:01:05 2018        
(r340970)
@@ -1428,7 +1428,6 @@ mqfs_readdir(struct vop_readdir_args *ap)
                entry.d_fileno = pn->mn_fileno;
                for (i = 0; i < MQFS_NAMELEN - 1 && pn->mn_name[i] != '\0'; ++i)
                        entry.d_name[i] = pn->mn_name[i];
-               entry.d_name[i] = 0;
                entry.d_namlen = i;
                switch (pn->mn_type) {
                case mqfstype_root:
@@ -1447,6 +1446,7 @@ mqfs_readdir(struct vop_readdir_args *ap)
                        panic("%s has unexpected node type: %d", pn->mn_name,
                                pn->mn_type);
                }
+               dirent_terminate(&entry);
                if (entry.d_reclen > uio->uio_resid)
                         break;
                if (offset >= uio->uio_offset) {

Modified: stable/12/sys/kern/vfs_export.c
==============================================================================
--- stable/12/sys/kern/vfs_export.c     Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/kern/vfs_export.c     Mon Nov 26 14:01:05 2018        
(r340970)
@@ -43,6 +43,7 @@ __FBSDID("$FreeBSD$");
 #include "opt_inet6.h"
 
 #include <sys/param.h>
+#include <sys/systm.h>
 #include <sys/dirent.h>
 #include <sys/jail.h>
 #include <sys/kernel.h>
@@ -55,7 +56,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/refcount.h>
 #include <sys/signalvar.h>
 #include <sys/socket.h>
-#include <sys/systm.h>
 #include <sys/vnode.h>
 
 #include <netinet/in.h>

Modified: stable/12/sys/sys/dirent.h
==============================================================================
--- stable/12/sys/sys/dirent.h  Mon Nov 26 13:56:19 2018        (r340969)
+++ stable/12/sys/sys/dirent.h  Mon Nov 26 14:01:05 2018        (r340970)
@@ -126,6 +126,19 @@ struct freebsd11_dirent {
 
 #ifdef _KERNEL
 #define        GENERIC_DIRSIZ(dp)      _GENERIC_DIRSIZ(dp)
+
+/*
+ * Ensure that padding bytes are zeroed and that the name is NUL-terminated.
+ */
+static inline void
+dirent_terminate(struct dirent *dp)
+{
+
+       dp->d_pad0 = 0;
+       dp->d_pad1 = 0;
+       memset(dp->d_name + dp->d_namlen, 0,
+           dp->d_reclen - (__offsetof(struct dirent, d_name) + dp->d_namlen));
+}
 #endif
 
 #endif /* !_SYS_DIRENT_H_ */

Modified: stable/12/sys/ufs/ufs/ufs_vnops.c
==============================================================================
--- stable/12/sys/ufs/ufs/ufs_vnops.c   Mon Nov 26 13:56:19 2018        
(r340969)
+++ stable/12/sys/ufs/ufs/ufs_vnops.c   Mon Nov 26 14:01:05 2018        
(r340970)
@@ -2217,9 +2217,9 @@ ufs_readdir(ap)
                        dstdp.d_fileno = dp->d_ino;
                        dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp);
                        bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
-                       dstdp.d_name[dstdp.d_namlen] = '\0';
                        /* NOTE: d_off is the offset of the *next* entry. */
                        dstdp.d_off = offset + dp->d_reclen;
+                       dirent_terminate(&dstdp);
                        if (dstdp.d_reclen > uio->uio_resid) {
                                if (uio->uio_resid == startresid)
                                        error = EINVAL;
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to